2 BILLION Google Chrome users hit by browser security flaw! Protect yourself now | Tech News

2 BILLION Google Chrome users hit by browser security flaw! Protect yourself now

A high-severity vulnerability has affected as many as 2 billion Google Chrome users. You must protect yourself from hackers and the sooner you do it, the better.

| Updated on: Jan 14 2023, 21:04 IST
In Pics: Know 5 ways to stay safe online on Google Chrome
Google Chrome
1/5 Keep strong password: Using a password manager (even if it’s not Google’s) will help you store and use a strong, unique password for each site you log into. Google Password Manager can suggest and save a strong, unique password of gobbledygook (like KZamPPzj43T9mQM). Then, Chrome will autofill the password next time you need it — on any device. Chrome should suggest a new strong password when creating a new account, or you can always right click in the password field and click “Suggest Password.” (Pixabay)
Google Chrome
2/5 Keep updating Google Chrome: Like every other application, security engineers work to keep Chrome safe against the latest threats, by working on updates and improvements. And these updates and improvements come out at least every two weeks. Chrome checks for updates regularly, and when one is available, Chrome downloads it immediately and then applies it when you close and reopen the browser. But if you haven’t closed your browser in a while, you may have a pending update visible in the upper right corner of the browser window. To apply the update, click “Update” or simply close and reopen Chrome. (REUTERS)
Google Chrome
3/5 Keep note of Chrome's download warnings: Chrome warns its users about dangerous downloads when possible. When you see a download warning, you can still download the file, but it is recommended not to do so. Computers are often compromised by malware because people misunderstand or ignore warnings. (Pixabay)
Google Chrome
4/5 Use 2-step verification: Two-factor authentication can use your phone to add an extra step to verify that it's you when you sign in. Signing in with both a password and a second step on your phone protects against password-stealing scams. If you sign into Chrome with a Google Account, be sure that you’re enrolled in 2-step verification to protect your account. (Unsplash)
Google Chrome
5/5 Use the browser with Enhanced security protection: To be even more secure while browsing the web in Chrome, turn on Enhanced Safe Browsing protection in your Chrome settings. It substantially increases protection from dangerous websites and downloads by sharing real-time data with Safe Browsing. If you’re signed in, Chrome and other Google apps you use (Gmail, Drive, etc) will be able to provide improved protection based on a holistic view of threats you encounter on the web and attacks against your Google Account, according to the blog post. (Pixabay)
Google Chrome
icon View all Images
Google Chrome users must update their browser to the latest version to protect themselves from hackers. (Pexels)

Google Chrome has been hit by a new security flaw and it has affected more than 2 billion users! Cyber security firm, Imperva Red has disclosed a high-severity vulnerability, dubbed CVE-2022-3656, which has been affecting Google Chrome and other Chromium-based browsers. The security flaw allows the theft of sensitive files such as cryptocurrency wallets, and login credentials. The cyber security company says that in this case, "the vulnerability was discovered through a review of the ways the browser interacts with the file system, specifically looking for common vulnerabilities related to the way browsers process symlinks."

For those who are unaware, Symlinks or symbiotic links are files that point to another file. “This can be useful for creating shortcuts, redirecting file paths, or organizing files in a more flexible way,” the blog mentioned. The Imperva team explained that this way symlinks can also introduce vulnerabilities. That's how this vulnerability affected Chrome browsers.

How Chrome users are at risk

While explaining a potential attack scenario, the cyber security research team said that the threat can create a fake cryptocurrency wallet and the website can request the users to download their recovery keys. This downloaded file will be a symlink to a folder on your computer. This file can be login credentials for a cloud provider. The saddest part is that users will not be aware of the leak of sensitive data.

“In the attack scenario described above, the attacker would take advantage of this common practice by providing the user with a zip file containing a symlink instead of actual recovery keys. When the user unzips and uploads the file, the symlink would be processed, allowing the attacker to gain access to sensitive files on the user's computer,” the blog mentioned.

What should Chrome users do

Thankfully, there is a way that Chrome users can protect themselves from Chrome vulnerability! The research team mentioned that the first bug fix which was rolled out in Chrome 107 hadn't addressed the issue completely. However, the issue has been fully resolved in Chrome 108. Hence, it is advised to keep your software up to date in order to protect yourself against the latest vulnerabilities

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 14 Jan, 21:03 IST